Security Permissions for Locking Down OUs
I have created an OU that I want to give a department rights to add new accounts and reset passwords. I understand that I can delegate them to this OU but how do i hide the other OUs in the domain/forest? I had tried to take away read from authenticated
users but this didn't work as expected. When I tried to set this then some of the servers couldn't apply group policy. What is the correct way to hide an OU from regular users?
Thanks!
March 26th, 2012 11:24am
Hi
I assume your problem is because the users you have delegated control to are using AD Users & Computers for management.
As an alternative to AD Users & Computers, you could create a Taskpad view for them to use. The following link has a good example of how to do this...
http://www.petri.co.il/create_taskpads_for_ad_operations.htm
Hope this helps.Douks
Free Windows Admin Tool Kit Click here and download it now
March 26th, 2012 12:24pm